I am Marcos Bajo h3xduck

Systems/Software security researcher

PhD Student at CISPA Helmholtz Center for Information Security

My Talks

Black Hat USA 2025
Black Hat USA 2025
RootedCON Madrid 2026 (ES)
RootedCON Madrid 2026 (ES)
RootedCON Madrid 2023 (ES)
RootedCON Madrid 2023 (ES)
eBPF Summit 2022 (online)
eBPF Summit 2022 (online)

My Work

Publications

Crashing Through Defenses: Exploiting Segfaults and Chaining around Intel CET
Marcos Bajo, Ritvik Goyal, Apostolos Chatzianagnostou, Christian Rossow
IEEE Symposium on Security and Privacy (S&P) 2026
PLATYPUS: Restricting Cross-Module Transitions to Mitigate Code-Reuse Attacks
Apostolos Chatzianagnostou, Marcos Bajo, Christian Rossow
IEEE Symposium on Security and Privacy (S&P) 2026
Await() a Second: Evading Control Flow Integrity by Hijacking C++ Coroutines
Marcos Bajo, Christian Rossow
USENIX Security 2025

Honorable Mention (Top 6% of Accepted Papers)

Other Works

An analysis of offensive capabilities of eBPF and implementation of a rootkit
Bachelor thesis (2022)

Honours
TaintBlade: A framework for automated protocol reverse engineering and study of malware command and control protocols
Master thesis (2023)

Honours

Open Source Stuff I've made

TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
SFOP
The Segmentation Fault-Oriented Programming exploitation technique.
CFOP
The Coroutine Frame-Oriented Programming exploitation technique.
Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
RawTCPLib
A C library for creating and using TCP/IP packets with raw network sockets.
TaintBlade
A protocol reverse engineering framework with a custom Intel PIN multi-color tainting engine.
Greta
Android application for writing and saving encrypted notes.